MaaS Appeal: An Infostealer Rises From The Ashes
ID: 55d2646f-c3c6-5b3c-a8b3-5245d7baa33b
STIX ID: report--55d2646f-c3c6-5b3c-a8b3-5245d7baa33b
Feed Name: Elastic Security Labs
NOVABLIGHT is a modular NodeJS/Electron infostealer offered as Malware-as-a-Service through Telegram and Discord. It supports credential and wallet theft (browser and Electron app injections), clipboard clipping, system enumeration (screenshots, webcam, Wi‑Fi passwords), and anti-analysis checks; it also attempts to disable Defender and Task Manager and to sabotage recovery. Stolen data is exfiltrated to a hosted web panel, Discord webhooks, or Telegram proxies. The report covers infrastructure and IOCs (domains and hashes), build/distribution details, heavy obfuscation techniques, and evidence linking the actor to an established MaaS community.
